堆栈内存溢出
  简体   繁体   English

使用Java Servlet使用HTTPS进行数据加密

[英]Data Encryption with HTTPS using Java Servlets

 原文  2015-03-18 00:35:58       java/ tomcat/ servlets/ ssl/ encryption

问题描述

I'm writing a Java Servlet (javax.servlet.http.HttpServlet) using Tomcat 8 to provide an restful API. 我正在使用Tomcat 8编写Java Servlet(javax.servlet.http.HttpServlet),以提供一个宁静的API。 I want to configure a Tomcat server to use https and I want all data to be transferred as encrypted. 我想将Tomcat服务器配置为使用https,并且希望所有数据都以加密方式进行传输。

Despite much searching, I can't find: 尽管进行了大量搜索,但我找不到:

  • How to create an http servlet that can be accessed via https:// 如何创建可通过https://访问的http servlet
  • Configuring SSL in Tomcat such that there is a secure key exchange; 在Tomcat中配置SSL,以便进行安全的密钥交换; no hassle with certificates, etc. 无需证书等麻烦
  • An answer to what the best security method is. 最佳安全方法是什么的答案。 eg Is SSL still the way to go? 例如,SSL仍然可行吗?

2 个解决方案

解决方案1
 2  2015-03-18 00:46:50

Despite much searching, I can't find: 尽管进行了大量搜索,但我找不到:

How to create an http servlet that can be accessed via https:// 如何创建可通过https://访问的http servlet

It's the same as writing any other servlet. 与编写任何其他servlet相同。 There is no HTTPS-specific aspect to it. 它没有HTTPS特定的方面。

Configuring SSL in Tomcat such that there is a secure key exchange; 在Tomcat中配置SSL,以便进行安全的密钥交换; no hassle with certificates, etc. 无需证书等麻烦

There is no such thing as SSL without certificates, unless you want it completely insecure, in which case there's no point in using SSL at all. 没有证书就没有SSL之类的东西,除非您希望它完全不安全,在这种情况下完全没有必要使用SSL。 The Tomcat documentation has extensive information about generating certificates, keystores, etc. Tomcat文档包含有关生成证书,密钥库等的广泛信息。

An answer to what the best security method is. 最佳安全方法是什么的答案。 eg Is SSL still the way to go? 例如,SSL仍然可行吗?

Yes. 是。

解决方案2
 1  2015-03-18 01:12:45

There is no such a thing called https servlet. 没有这样的东西称为https servlet。 SSL is handled by the servlet container. SSL由Servlet容器处理。 To enable SSL in tomcat, follow the instructions here to generate a key and have tomcat accepts https - http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html 要在tomcat中启用SSL,请按照此处的说明生成密钥并让tomcat接受https- http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html

2- You can either force https by validating isSecure and redirect to https or use security constraint inside web.xml of your app. 2-您可以通过验证isSecure并强制将https重定向到https或在应用程序的web.xml中使用安全约束。 Check example here http://docs.oracle.com/cd/E19798-01/821-1841/bncbk/index.html 在此处查看示例http://docs.oracle.com/cd/E19798-01/821-1841/bncbk/index.html

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在没有加密的Java中使用HTTPS - Using HTTPS in Java Without Encryption 使用servlet的localhost https java应用程序 - a localhost https java application with servlets 使用Java Servlet多次下载 - multidownload using java servlets 使用MultipartConfig的Java Servlet - Java Servlets Using MultipartConfig Java Servlet将数据传输到浏览器 - Java Servlets transmitting data to browser 使用Java进行128位数据加密 - 128 bit data encryption using Java Java数据加密/解密 - Java data encryption/decryption 单元测试带有二进制数据的java servlet - unit testing java servlets with binary data Java中的servlet - servlets in Java java ee-使用servlet验证用户 - java ee - authenticate users using servlets
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM